In the fast-paced realm of modern business, adaptation is key. As organizations transition to hybrid work models and embrace cloud-based operations, the very fabric of how we work has transformed – opening doors to more security risks. With more freelancers, contractors, and BYOD programs accessing corporate applications (like web and SaaS applications) via their own devices, oftentimes, what is overlooked is the security posture for the choice of web browsers people are using. In fact, according to Verizon’s Data Breach Investigation Report, over 80% of security incidents originated from we ..read more

US-based human plasma collector, tester, and supplier Octapharma Plasma may have been experiencing a ransomware attack pushing the company into operational shutdown, according to a report by The Register. An unnamed source familiar with the situation reportedly said that Octapharma Plasma fell victim to a BlackSuit ransomware infection on Monday, disrupting operations for its US-based operations. “All centers are experiencing network issues and are currently closed,” Octa said through a message displayed on its website. “Further updates on reopening will be sent via email, social media, Octa ..read more

Cisco has released patches for two privilege escalation vulnerabilities in its Integrated Management Controller (IMC) that is used for out-of-band management of many of its server products, as well as various appliances. The flaws could allow authenticated attackers to execute commands as root on the underlying operating system, one of them already has proof-of-concept exploit code available publicly. The two vulnerabilities, tracked as CVE-2024-20295 and CVE-2024-20356, are rated 8.8 and 8.7 in the Common Vulnerability Scoring System (CVSS) which equates to high severity. Both can be exploi ..read more

UK law enforcement has infiltrated “LabHost,” a fraudulent online service used by more than 10,000 cybercriminals to create phishing websites and trick victims into revealing personal information. Law enforcement agencies from 19 countries coordinated to disrupt the criminal network. Between April 14 and April 17, through a joint operation led by the Metropolitan police, Labhost’s existing services were disrupted with a seizure notice, and a total of 37 arrests were made by the UK as well as international law enforcement agencies. LabHost is a service which was set up in 2021 by a criminal c ..read more

Cisco has announced Hypershield, an AI-based capability of the company’s Security Cloud platform for hyperscalers. Hypershield is designed to defend cloud, data center, and distributed edge appliances from rapid vulnerability exploitation, according to Cisco. Patching today’s sprawling applications has become a task beyond the capabilities of any security team and manual processes. This covers a range of problems: patching cycles cannot keep up, patch testing is complex and therefore takes too long, and legacy technology is unlikely to be patched at all. This model of centralized vulnerabili ..read more

The Change Healthcare ransomware attack has provoked calls to mandate baseline security standards for healthcare providers during Congressional hearings on Tuesday. UnitedHealth Group (UHG) was criticized for its response to a February 2024 attack on its Change Healthcare subsidiary during a three-hour hearing before the House Energy and Commerce Committee. The BlackCat/ALPHV ransomware group broke into Change Healthcare’s systems and encrypted its data before demanding an extortionate payment to restore access. Change Healthcare operates the US’s biggest clearing house for medical claims. T ..read more

Security researchers warn that certain commands executed in the AWS and Google Cloud command-line interfaces (CLIs) will return credentials and other secrets stored in environment variables as part of the standard output. If such commands are executed as part of build workflows in CI/CD tools the secrets will be included in the returned build logs. AWS and Google Cloud consider this expected behavior and it is up to users to take steps to ensure sensitive command outputs are not saved in logs or that sensitive credentials are stored securely and not in environment variables. The Microsoft Az ..read more

Targeting SAP vulnerabilities by threat actors is currently at its peak as systems compromised by ransomware incidents have grown fivefold since 2021, according to joint research by Flashpoint and Onapsis. Based on SAP threat intelligence from Onapsis Research Labs and Flashpoint Threat Intelligence Platform, the research found that multiple, unpatched application-level SAP vulnerabilities are being exploited and used in ransomware campaigns. “This research leverages the combined experience of Onapsis Research Labs on SAP Threats, Vulnerabilities, and Threat Intelligence, with the Flashpoint ..read more

In the wake of a string of high-profile cyber incidents, capped by a crippling ransomware attack on Colonial Pipeline, the US Congress passed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) to create a centralized federal government cyber incident reporting apparatus. In March, the Cybersecurity and Infrastructure Security Agency (CISA) published a notice of proposed rulemaking (NPRM), a crucial step in establishing this new data breach reporting mechanism. CIRCIA mandated that covered entities promptly report to CISA within 72 hours after reasonably believing t ..read more

The Open Source Security Foundation (OpenSSF) together with the OpenJS Foundation have identified additional incidents where attackers attempted to social engineer their way into the management of open source projects using similar techniques that recently led to the backdooring of the XZ Utils package. XZ Utils supply chain compromise The XZ Utils software supply chain compromise was the result of a sophisticated social engineering effort where an attacker managed to earn the trust of the project’s maintainer through legitimate code contributions over multiple years until they were made co ..read more